Update: Ransomware In The News

A new ransomware outbreak began early in the morning on June 27th, involving a different variant known as Petya, or PetyaWrap.  Petya takes a different approach to encrypting the victim's files, but as with Wannacry, the best defense is prevention with good security practices that protect computers from malware infection of all kinds, not just ransomware infection.

Petya primarily spreads within a network by using the same Windows vulnerability that Wannacry used.  See below.

Wannacry ransomware:

A recent massive outbreak of a ransomware variant known as Wannacry is currently in the news due to the severe impact it has had on vulnerable sites worldwide. This is a good time to review your computer's security configuration. Good computer security practices will serve you well in protecting your computer from this malicious software and any variants to come. They include: choosing strong passwords for all accounts; keeping up to date on security updates for your operating system and applications; running an antivirus program and keeping its definition list updated; regularly backing up your data and periodically testing your backups to make sure the system is working as expected; enabling your computer's local firewall protection; disallowing or heavily restricting remote access permissions; and exercising caution with unexpected links and attachments received in email. If you have questions about a suspicious email message, please contact the Help Desk or Information Security for assistance. 

This particular ransomware variant reportedly gains access to a network as a malicious email attachment.  Once executed by an unsuspecting user on a Windows computer, it attempts to spread itself via the local network using a vulnerability in Microsoft's implementation of SMB, which Microsoft patched in March of 2017 for currently supported versions of the Windows operating system.  Microsoft has now released patches for this vulnerability that cover older versions of Windows that are no longer supported, including Windows XP, Windows 8, and Windows Server 2003.  As is the case on many institutional networks, SMB access from outside the Caltech campus network is blocked, and has been since about 2002.